Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both known and unknown intrusions). We show the necessity of artificial anomalies by discussing the failure to use conventional inductive learning methods to detect anomalies. We propose an algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies. Empirical studies show that our pure anomaly-detection model trained using normal and artificial anomalies is capable of detecting more than 77% of all unknown intrusion classes with more than 50% accuracy per intrusion class. The combined misuse and anomaly-detection models are as accurate as a pure misuse detection model in detecting known intrusions and are capable of detecting at least 50% of unknown intrusion classes with accuracy measurements between 75 and 100% per class.